Knowledge BaseSystem AuthenticationWhat is the difference between 'default-sp' and 'default-signed-sp' for SAML?

What is the difference between 'default-sp' and 'default-signed-sp' for SAML?

QUESTION

After upgrading to Metric Insights version 4.1, I noticed that there are 2 options for SAML auth sources:

  • default-sp
  • default-signed-sp

What is the difference between the two and which one do I use?

RESOLUTION

Before v4.1, the Metric Insights application supported only 1 option for auth source: default-sp. That is used for unsigned requests between SAML Identify Providers (like OKTA, Oracle Access Manager) and the Metric Insights application (Service Provider).  

After v4.1, the Metric Insights application added additional support for default-signed-sp. This auth source is used for exchanging signed requests (with certificates) between the SAML IdP and Metric Insights (for example, Microsoft ADFS).

Thus, based on the IdP that is used in your organization (signed or unsigned requests) you must choose the appropriate auth source to successfully connect Metric Insights to your SAML IdP.

Note: If you do not know which auth source to use, we recommend trying default-sp first.